Help with Advanced Restrictions on the Same Subnet
Short Description:
We have a new customer-accessible server that we want on the same subnet as our other workstations, but we want to keep someone from being able to hack into our network by hacking into the customer server and guessing login parameters for one of our more powerful user accounts.
Long Description:
We have a custom (non-web) program that runs on each user's workstation that talks with our MySQL server.
So we have accounts with host entries of 10.2.1%
Now, the tricky part:
We set up a server for customers to access our web-interface version of the same system.
We created a separate MySQL account for the web server to use in its PHP code to access the server with restricted privileges.
But our concern is that if someone were to somehow hack into the server, and be able to figure out one of our other MySQL user accounts' passwords, they could gain full access to our database.
So we put our new customer web server on a separate subnet. So all of our other accounts have a host of 10.2.1%, and the customer web server has a host of 10.2.3.%
So this seems to solve our security problem.
However, now communication between our customer web server and the main server on separate subnets is horrifically slow.
Our ISP config'd the router for the 2nd subnet, and they say it's set up right, and that the slowness is an application issue. (I put the customer server back on the same subnet and it went back to full speed communications with the MySQL server.)
So I'm going back to MySQL, to see if there is some way to have the customer server and our main server on the same subnet without the security risks.
I thought if I made an entry in the HOSTS table containing every address but the customer server address that I could work something out that way. But I wasn't able to get it to work at all.
Is there some other way of handling this security dilemma, or am I completely thinking wrong about this?
June 09, 2006 02:30PM
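Added example, not part of the original post: a Python check of which accounts a given client address could authenticate to, assuming MySQL's documented rule that `%` and `_` in an account's host value behave as in `LIKE`. The host patterns are the ones quoted in the post; the account names and addresses are constructed, and netmask notation, hostnames and backslash escapes are not modelled. It also shows that `10.2.1%`, written without a dot before the wildcard, accepts 10.2.10.x as well as 10.2.1.x.

```python
import re

def host_pattern_to_regex(pattern):
    """Translate a MySQL account host pattern into an anchored regex.
    '%' matches any run of characters, '_' matches exactly one."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)

def host_matches(pattern, client_ip):
    """True if a client connecting from client_ip satisfies the host pattern."""
    return host_pattern_to_regex(pattern).match(client_ip) is not None

def accounts_reachable_from(accounts, client_ip):
    """Return the (user, host) rows whose host pattern accepts client_ip."""
    return [(user, host) for (user, host) in accounts
            if host_matches(host, client_ip)]

# Constructed stand-in for rows of mysql.user. User names are hypothetical;
# the host patterns are the two quoted in the post.
ACCOUNTS = [
    ("app_admin", "10.2.1%"),
    ("app_clerk", "10.2.1%"),
    ("web_portal", "10.2.3.%"),
]

def audit(web_server_ip, web_account="web_portal"):
    """Accounts other than the web account that would accept a login
    attempt coming from the web server's address."""
    return [row for row in accounts_reachable_from(ACCOUNTS, web_server_ip)
            if row[0] != web_account]

if __name__ == "__main__":
    # Constructed addresses: separate subnet, same subnet, and 10.2.10.x.
    for ip in ("10.2.3.20", "10.2.1.20", "10.2.10.20"):
        print(ip, "->", audit(ip))
```

An empty result for the web server's address means the host column alone already keeps it away from the workstation accounts; a non-empty one lists the accounts whose passwords would then be the only barrier.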